

      1 /*
      2  * Copyright (c) 2013-2022 Joris Vink <joris@coders.se>
      3  *
      4  * Permission to use, copy, modify, and distribute this software for any
      5  * purpose with or without fee is hereby granted, provided that the above
      6  * copyright notice and this permission notice appear in all copies.
      7  *
      8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
      9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
     10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
     11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
     12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
     13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
     14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
     15  */
     16 
     17 #ifndef __H_KORE_H
     18 #define __H_KORE_H
     19 
/*
 * On macOS, hide whatever prototype the system headers declare for
 * daemon() by renaming the identifier for the duration of the includes.
 * The name is restored and a local prototype supplied in the __APPLE__
 * block after the includes. NOTE(review): presumably done to sidestep
 * the deprecation mark on Apple's declaration -- confirm in the platform
 * code, it is not visible here.
 */
#if defined(__APPLE__)
#define daemon portability_is_king
#endif
     23 
#include <sys/param.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/queue.h>
#include <sys/un.h>

#include <netinet/in.h>
#include <arpa/inet.h>

#include <errno.h>
#include <limits.h>
#include <regex.h>
#include <stdarg.h>
#include <stdlib.h>
#include <stdio.h>
#include <signal.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>
#include <stdarg.h>
     43 
     44 #if defined(__cplusplus)
     45 extern "C" {
     46 #endif
     47 
#if defined(__APPLE__)
/* Undo the rename done before the includes and declare daemon() ourselves. */
#undef daemon
extern int daemon(int, int);
/* Apple spells the POSIX st_mtim member of struct stat as st_mtimespec. */
#define st_mtim		st_mtimespec
#endif
     53 
/*
 * Use the platform sendfile(2) path on macOS (__MACH__), FreeBSD and
 * Linux unless the build opts out with KORE_NO_SENDFILE; it is wired up
 * through kore_platform_sendfile() below.
 */
#if !defined(KORE_NO_SENDFILE)
#if defined(__MACH__) || defined(__FreeBSD_version) || defined(__linux__)
#define KORE_USE_PLATFORM_SENDFILE	1
#endif
#endif

/* OpenBSD builds get the pledge(2) hooks (kore_platform_pledge and friends). */
#if defined(__OpenBSD__)
#define KORE_USE_PLATFORM_PLEDGE	1
#endif
     63 
/*
 * TLS object handles used throughout the API. With the OpenSSL backend
 * they are the real OpenSSL types; without a backend they become void so
 * the declarations below still compile with the pointers left opaque.
 */
#if defined(TLS_BACKEND_OPENSSL)
#include <openssl/x509.h>
#include <openssl/ssl.h>
typedef X509		KORE_X509;
typedef SSL		KORE_TLS;
typedef SSL_CTX		KORE_TLS_CTX;
typedef X509_NAME	KORE_X509_NAMES;
typedef EVP_PKEY	KORE_PRIVATE_KEY;
#else
typedef void		KORE_X509;
typedef void		KORE_TLS;
typedef void		KORE_TLS_CTX;
typedef void		KORE_X509_NAMES;
typedef void		KORE_PRIVATE_KEY;
#endif
     79 
/* RSA modulus size in bits, presumably what kore_tls_rsakey_generate() uses. */
#define KORE_RSAKEY_BITS	4096

/* Return convention shared by the int-returning functions in this API. */
#define KORE_RESULT_ERROR	0
#define KORE_RESULT_OK		1
#define KORE_RESULT_RETRY	2

/* Selector values accepted by kore_tls_version_set(). */
#define KORE_TLS_VERSION_1_3	0
#define KORE_TLS_VERSION_1_2	1
#define KORE_TLS_VERSION_BOTH	2

/*
 * Flag for kore_base64url_encode()/kore_base64url_decode(); presumably
 * selects unpadded output/input, per the usual meaning of "raw".
 */
#define KORE_BASE64_RAW		0x0001

/* All-ones u_int64_t: "no timeout" sentinel for kore_platform_event_wait(). */
#define KORE_WAIT_INFINITE	(u_int64_t)-1
/*
 * 30 minutes in milliseconds (the unit kore_time_ms() works in).
 * NOTE(review): presumably the interval between entropy reseeds, see
 * KORE_MSG_ENTROPY_REQ/RESP -- confirm.
 */
#define KORE_RESEED_TIME	(1800 * 1000)

/*
 * Error-string helpers. strerror() and ERR_error_string() with a NULL
 * buffer both return a pointer into static storage, so the result is only
 * valid until the next call and must never be cached. ssl_errno_s also
 * needs <openssl/err.h> in scope at the point of use; it is not included
 * here.
 */
#define errno_s			strerror(errno)
#define ssl_errno_s		ERR_error_string(ERR_get_error(), NULL)
/* Longest domain name accepted; the message structs below reserve +1 for NUL. */
#define KORE_DOMAINNAME_LEN		255
#define KORE_PIDFILE_DEFAULT		"kore.pid"
/* Built from the compile-time PREFIX; the file name suggests the RFC 7919 ffdhe4096 group. */
#define KORE_DHPARAM_PATH		PREFIX "/share/kore/ffdhe4096.pem"
/*
 * Default cipher list: the TLS 1.3 AEAD suites first (the AEAD-* spelling
 * is the LibreSSL one), then ECDHE-RSA and DHE-RSA AES-GCM for TLS 1.2.
 * Every entry is an AEAD with forward secrecy; there are no CBC or
 * static-RSA suites. NOTE(review): how this string is split between the
 * TLS 1.3 ciphersuite and TLS 1.2 cipher-list backend calls lives in
 * kore_tls_ciphersuite_set(), not here.
 */
#define KORE_DEFAULT_CIPHER_LIST	"AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256:AEAD-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256"
    101 
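/*
 * Debug tracing. Only compiled in with KORE_DEBUG, and then still gated
 * at runtime on the kore_debug global (the variable, not this macro: a
 * function-like macro name is only expanded when followed by '(').
 *
 * The expansion is wrapped in do { } while (0) so that
 *	if (cond) kore_debug("..."); else other();
 * keeps the else attached to the caller's if instead of the runtime-gate
 * if hidden inside the expansion, which is how the bare form misbinds.
 * Without KORE_DEBUG the call vanishes entirely, so arguments must not
 * carry side effects.
 */
#if defined(KORE_DEBUG)
#define kore_debug(...)							\
	do {								\
		if (kore_debug)						\
			kore_debug_internal(__FILE__, __LINE__,		\
			    __VA_ARGS__);				\
	} while (0)
#else
#define kore_debug(...)
#endif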
    109 
/* struct netbuf.type: direction of the buffer. */
#define NETBUF_RECV			0
#define NETBUF_SEND			1
/*
 * Payload caps: 8 KiB per plain send buffer, 10 MiB per sendfile(2)
 * slice. Where they are enforced is in the net code, not visible here.
 */
#define NETBUF_SEND_PAYLOAD_MAX		8192
#define SENDFILE_PAYLOAD_MAX		(1024 * 1024 * 10)

/* Where a new buffer is placed relative to a connection's send chain. */
#define NETBUF_LAST_CHAIN		0
#define NETBUF_BEFORE_CHAIN		1

/* struct netbuf.flags bits; 0x08 is currently unused. */
#define NETBUF_CALL_CB_ALWAYS	0x01
#define NETBUF_FORCE_REMOVE	0x02
#define NETBUF_MUST_RESEND	0x04
#define NETBUF_IS_STREAM	0x10
#define NETBUF_IS_FILEREF	0x20

/* Flag for kore_x509_issuer_name()/kore_x509_subject_name(): return only the CN. */
#define KORE_X509_COMMON_NAME_ONLY	0x0001

/* Certificate encodings, presumably the int argument of kore_tls_domain_setup(). */
#define KORE_PEM_CERT_CHAIN	1
#define KORE_DER_CERT_DATA	2
    128 
/*
 * XXX hackish: forward declarations so the structs below can refer to
 * HTTP types without this header pulling in http.h.
 */
#if !defined(KORE_NO_HTTP)
struct http_request;
struct http_redirect;
#endif

/*
 * struct kore_fileref.flags: presumably set when the backing file went
 * away while references are still held -- confirm in the filemap code.
 */
#define KORE_FILEREF_SOFT_REMOVED	0x1000
    136 
/*
 * A shared handle on a static file served from disk, tracked by cnt and
 * held on a list. NOTE(review): the per-field notes below are read off
 * the names; the open/map/refcount logic is elsewhere and should be
 * confirmed there before relying on them.
 */
struct kore_fileref {
	int				cnt;		/* reference count */
	int				flags;		/* KORE_FILEREF_* bits */
	int				ontls;		/* served over TLS (sendfile not usable then) */
	off_t				size;		/* file size in bytes */
	char				*path;		/* on-disk path */
	u_int64_t			mtime;		/* modification time, finer resolution than mtime_sec */
	time_t				mtime_sec;	/* modification time in whole seconds */
	u_int64_t			expiration;	/* when this cached ref may be dropped */
	void				*base;		/* mapped file contents, presumably */
	int				fd;		/* open descriptor used for sendfile/read */
	TAILQ_ENTRY(kore_fileref)	list;
};
    150 
/*
 * One buffer on a connection's receive or send side. Plain buffers use
 * buf/s_off/b_len/m_len; NETBUF_IS_FILEREF buffers carry file_ref plus
 * the fd_off/fd_len window and stream the file instead. NOTE(review):
 * field notes are inferred from names; confirm against net.c.
 */
struct netbuf {
	u_int8_t		*buf;		/* payload storage */
	size_t			s_off;		/* bytes already sent/consumed from buf */
	size_t			b_len;		/* bytes valid in buf */
	size_t			m_len;		/* allocated size of buf */
	u_int8_t		type;		/* NETBUF_RECV or NETBUF_SEND */
	u_int8_t		flags;		/* NETBUF_* flag bits */

	struct kore_fileref	*file_ref;	/* backing file when NETBUF_IS_FILEREF */
	off_t			fd_off;		/* file offset to stream from */
	off_t			fd_len;		/* bytes left to stream */

	struct connection	*owner;		/* connection this buffer belongs to */
	void			*extra;		/* opaque per-buffer data handed to cb */
	int			(*cb)(struct netbuf *);	/* completion callback */

	TAILQ_ENTRY(netbuf)	list;
};

TAILQ_HEAD(netbuf_head, netbuf);
    171 
/* Object kinds, presumably stored in kore_event.type to tell what owns an event. */
#define KORE_TYPE_LISTENER	1
#define KORE_TYPE_CONNECTION	2
#define KORE_TYPE_PGSQL_CONN	3
#define KORE_TYPE_TASK		4
#define KORE_TYPE_PYSOCKET	5
#define KORE_TYPE_CURL_HANDLE	6

/* struct connection.state */
#define CONN_STATE_UNKNOWN		0
#define CONN_STATE_TLS_SHAKE		1	/* TLS handshake in progress */
#define CONN_STATE_ESTABLISHED		2
#define CONN_STATE_DISCONNECTING	3

/* struct connection.proto; the ACME ALPN value is kept far from the others. */
#define CONN_PROTO_UNKNOWN	0
#define CONN_PROTO_HTTP		1
#define CONN_PROTO_WEBSOCKET	2
#define CONN_PROTO_MSG		3
#define CONN_PROTO_ACME_ALPN	200

/* Event bits handed to kore_event.handle() and the platform scheduling calls. */
#define KORE_EVENT_READ		0x01
#define KORE_EVENT_WRITE	0x02
#define KORE_EVENT_ERROR	0x04

/* struct connection.flags (u_int16_t) bits; 0x0010 is currently unused. */
#define CONN_IDLE_TIMER_ACT	0x0001
#define CONN_CLOSE_EMPTY	0x0002
#define CONN_WS_CLOSE_SENT	0x0004
#define CONN_IS_BUSY		0x0008
#define CONN_LOG_TLS_FAILURE	0x0020
#define CONN_TLS_ALPN_ACME_SEEN	0x0040
#define CONN_TLS_SNI_SEEN	0x0080

/* Idle timer bound, presumably in milliseconds like the other timers. */
#define KORE_IDLE_TIMER_MAX	5000

/* WebSocket frame opcodes, the values from RFC 6455 section 5.2. */
#define WEBSOCKET_OP_CONT	0x00
#define WEBSOCKET_OP_TEXT	0x01
#define WEBSOCKET_OP_BINARY	0x02
#define WEBSOCKET_OP_CLOSE	0x08
#define WEBSOCKET_OP_PING	0x09
#define WEBSOCKET_OP_PONG	0x0a

/* Scope argument of kore_websocket_broadcast(): this worker only, or all workers. */
#define WEBSOCKET_BROADCAST_LOCAL	1
#define WEBSOCKET_BROADCAST_GLOBAL	2

/* struct kore_timer.flags; KORE_TIMER_FLAGS masks the bits that are valid. */
#define KORE_TIMER_ONESHOT	0x01
#define KORE_TIMER_FLAGS	(KORE_TIMER_ONESHOT)

/* Modes for kore_connection_prune(). */
#define KORE_CONNECTION_PRUNE_DISCONNECT	0
#define KORE_CONNECTION_PRUNE_ALL		1
    219 
/*
 * Header shared by every object the event loop dispatches on. Both
 * struct connection and struct listener start with one, so a void *
 * handed around by the platform code can be read as a kore_event and its
 * handle() invoked with the object and the KORE_EVENT_* bits (compare
 * kore_connection_event() and kore_listener_accept()). Packed, so there
 * is no padding and the struct has alignment 1; keep it the first member
 * of embedding structs so the pointer stays naturally aligned.
 */
struct kore_event {
	int		type;		/* KORE_TYPE_* */
	int		flags;		/* pending KORE_EVENT_* bits, presumably */
	void		(*handle)(void *, int);	/* (object, events) */
} __attribute__((packed));
    225 
/*
 * Per-client connection state. evt must stay the first member (see
 * struct kore_event). The handle/disconnect/read/write hooks let the
 * plain-socket and TLS paths (kore_tls_read/kore_tls_write) share this
 * one struct. NOTE(review): per-field notes are inferred from names and
 * the prototypes in this header; confirm in connection.c.
 */
struct connection {
	struct kore_event	evt;		/* event header, must be first */
	int			fd;		/* socket descriptor */
	u_int8_t		state;		/* CONN_STATE_* */
	u_int8_t		proto;		/* CONN_PROTO_* */
	struct listener		*owner;		/* listener that accepted us */
	KORE_TLS		*tls;		/* TLS session, NULL on plain sockets */
	KORE_X509		*tls_cert;	/* peer (client) certificate, if one was presented */
	char			*tls_sni;	/* server name from the ClientHello */
	int			tls_reneg;	/* renegotiation tracking, presumably to refuse client-initiated renegotiation */

	u_int16_t		flags;		/* CONN_* bits */
	void			*hdlr_extra;	/* opaque per-connection data for the application */

	int			(*handle)(struct connection *);		/* protocol dispatch */
	void			(*disconnect)(struct connection *);	/* teardown hook */
	int			(*read)(struct connection *, size_t *);	/* read into rnb, bytes read out */
	int			(*write)(struct connection *, size_t, size_t *);	/* write len from snb, bytes written out */

	int			family;		/* AF_* selecting the live addr member */
	union {
		struct sockaddr_in	ipv4;
		struct sockaddr_in6	ipv6;
		struct sockaddr_un	sun;
	} addr;

	struct {
		u_int64_t	length;		/* idle timeout duration */
		u_int64_t	start;		/* when the timer was armed */
	} idle_timer;

	struct netbuf_head	send_queue;	/* outgoing buffers not yet sent */
	struct netbuf		*snb;		/* buffer currently being sent */
	struct netbuf		*rnb;		/* buffer currently being received into */

#if !defined(KORE_NO_HTTP)
	u_int64_t			http_start;	/* when the current request started */
	u_int64_t			http_timeout;	/* request deadline */
	struct kore_runtime_call	*ws_connect;	/* websocket callbacks once upgraded */
	struct kore_runtime_call	*ws_message;
	struct kore_runtime_call	*ws_disconnect;
	TAILQ_HEAD(, http_request)	http_requests;	/* requests in flight on this connection */
#endif

	TAILQ_ENTRY(connection)	list;
};

TAILQ_HEAD(connection_list, connection);
/* All live connections, and those torn down but awaiting final cleanup. */
extern struct connection_list	connections;
extern struct connection_list	disconnected;
    276 
/* struct kore_runtime.type: which language executes application callbacks. */
#define KORE_RUNTIME_NATIVE	0
#define KORE_RUNTIME_PYTHON	1

/*
 * Dispatch table for a runtime. Each hook takes the runtime-specific
 * callable (presumably kore_runtime_call.addr) first, then the event
 * arguments. The native C runtime is kore_native_runtime below.
 */
struct kore_runtime {
	int	type;		/* KORE_RUNTIME_* */
#if !defined(KORE_NO_HTTP)
	int	(*http_request)(void *, struct http_request *);	/* route handler */
	void	(*http_request_free)(void *, struct http_request *);	/* request teardown */
	void	(*http_body_chunk)(void *,
		    struct http_request *, const void *, size_t);	/* streamed body data */
	int	(*validator)(void *, struct http_request *, const void *);	/* function validator */
	void	(*wsconnect)(void *, struct connection *);
	void	(*wsdisconnect)(void *, struct connection *);
	void	(*wsmessage)(void *, struct connection *,
		    u_int8_t, const void *, size_t);	/* (conn, opcode, data, len) */
#endif
	void	(*execute)(void *);		/* plain "call this" */
	int	(*onload)(void *, int);		/* module load/unload, KORE_MODULE_LOAD/UNLOAD */
	void	(*signal)(void *, int);		/* signal delivery to the application */
	void	(*connect)(void *, struct connection *);	/* new connection hook */
	void	(*configure)(void *, int, char **);	/* (argc, argv) style configuration */
};

/* A callable paired with the runtime that knows how to invoke it. */
struct kore_runtime_call {
	void			*addr;		/* runtime-specific callable */
	struct kore_runtime	*runtime;
};
    304 
#if !defined(KORE_NO_HTTP)

/*
 * One declared parameter on a route and the validator that must accept
 * it. NOTE(review): flags presumably holds KORE_PARAMS_QUERY_STRING
 * (defined further down) -- confirm.
 */
struct kore_route_params {
	char			*name;		/* parameter name */
	int			flags;		/* KORE_PARAMS_* bits */
	u_int8_t		method;		/* HTTP method the declaration applies to */
	struct kore_validator	*validator;	/* rule the value must pass */

	TAILQ_ENTRY(kore_route_params)	list;
};

/*
 * A route under a domain: its path (with rctx holding the compiled
 * pattern), the handler to run and the optional auth block gating it.
 * NOTE(review): field notes are inferred from names; confirm in route.c.
 */
struct kore_route {
	char					*path;		/* configured path or pattern */
	char					*func;		/* handler symbol name */
	int					type;		/* HANDLER_TYPE_STATIC or _DYNAMIC, presumably */
	int					errors;		/* purpose not visible in this header */
	int					methods;	/* allowed HTTP methods, presumably a bitmask */
	regex_t					rctx;		/* compiled path regex */
	struct kore_domain			*dom;		/* owning domain */
	struct kore_auth			*auth;		/* authentication run before the handler, NULL if none */
	struct kore_runtime_call		*rcall;		/* the handler itself */
	struct kore_runtime_call		*on_free;	/* request teardown hook */
	struct kore_runtime_call		*on_headers;	/* called once headers are parsed */
	struct kore_runtime_call		*on_body_chunk;	/* called per streamed body chunk */

	TAILQ_HEAD(, kore_route_params)		params;		/* declared parameters */
	TAILQ_ENTRY(kore_route)			list;
};

#endif
    335 
/*
 * A virtual host under a server: its TLS material, logging configuration
 * and, with HTTP enabled, its routes and redirects. NOTE(review): field
 * notes are inferred from names and types; confirm in domain.c.
 */
struct kore_domain {
	u_int16_t				id;		/* same width as kore_alog_header.domain */
	int					logerr;		/* error log handling; exact meaning not visible here */
	u_int64_t				logwarn;	/* a timestamp, presumably of the last log warning */
	int					accesslog;	/* accesslog output descriptor, presumably */

	char					*domain;	/* host name served */
	struct kore_buf				*logbuf;	/* buffered accesslog lines */
	struct kore_server			*server;	/* owning server */

#if defined(KORE_USE_ACME)
	int					acme;		/* ACME enabled for this domain */
	int					acme_challenge;	/* a challenge is currently active */
	void					*acme_cert;	/* challenge certificate bytes */
	size_t					acme_cert_len;
#endif
	char					*cafile;	/* CA bundle for client certificate verification */
	char					*crlfile;	/* CRL applied to that verification */
	char					*certfile;	/* server certificate (chain) */
	char					*certkey;	/* private key path */
	KORE_TLS_CTX				*tls_ctx;	/* per-domain TLS context */
	int					x509_verify_depth;	/* longest chain accepted when verifying peer certificates */
#if !defined(KORE_NO_HTTP)
	TAILQ_HEAD(, kore_route)		routes;
	TAILQ_HEAD(, http_redirect)		redirects;
#endif
	TAILQ_ENTRY(kore_domain)		list;
};

TAILQ_HEAD(kore_domain_h, kore_domain);

/* Dispatch table used for native C handlers. */
extern struct kore_runtime	kore_native_runtime;
    368 
/*
 * A bound socket (TCP host/port or unix path) owned by a server.
 * evt must stay the first member, see struct kore_event.
 */
struct listener {
	struct kore_event		evt;		/* event header, must be first */
	int				fd;		/* listening descriptor */
	int				family;		/* AF_INET, AF_INET6 or AF_UNIX, presumably */
	char				*port;		/* service string */
	char				*host;		/* bind address or unix socket path */
	struct kore_server		*server;	/* owning server */
	struct kore_runtime_call	*connect;	/* optional per-listener connect hook */

	LIST_ENTRY(listener)		list;
};

/* A named server: whether it speaks TLS, plus its domains and listeners. */
struct kore_server {
	int				tls;		/* non-zero when connections are TLS */
	char				*name;
	struct kore_domain_h		domains;
	LIST_HEAD(, listener)		listeners;
	LIST_ENTRY(kore_server)		list;
};

LIST_HEAD(kore_server_list, kore_server);
    390 
#if !defined(KORE_NO_HTTP)

/* struct kore_route_params.flags: the parameter is taken from the query string. */
#define KORE_PARAMS_QUERY_STRING	0x0001

/* struct kore_auth.type: where the credential is read from. */
#define KORE_AUTH_TYPE_COOKIE		1	/* a cookie, handled by kore_auth_cookie() */
#define KORE_AUTH_TYPE_HEADER		2	/* a request header, kore_auth_header() */
#define KORE_AUTH_TYPE_REQUEST		3	/* the whole request, kore_auth_request() */

/*
 * An authentication block attached to routes: the extracted credential
 * is run through validator and, on failure, the request is redirected to
 * `redirect` when that is set. NOTE(review): which of name/value is the
 * block name and which the cookie/header name is not visible here --
 * confirm in auth.c / config.c.
 */
struct kore_auth {
	u_int8_t		type;		/* KORE_AUTH_TYPE_* */
	char			*name;
	char			*value;
	char			*redirect;	/* where to send requests that fail */
	struct kore_validator	*validator;	/* rule that decides acceptance */

	TAILQ_ENTRY(kore_auth)	list;
};

/* struct kore_route.type, presumably: fixed path vs regex-matched path. */
#define HANDLER_TYPE_STATIC	1
#define HANDLER_TYPE_DYNAMIC	2

#endif /* !KORE_NO_HTTP */
    413 
/* Argument to kore_module_functions.callback / kore_runtime.onload. */
#define KORE_MODULE_LOAD	1
#define KORE_MODULE_UNLOAD	2

/* struct kore_module.type */
#define KORE_MODULE_NATIVE	0
#define KORE_MODULE_PYTHON	1

struct kore_module;

/* Per-module-type operations (native shared object vs Python module). */
struct kore_module_functions {
	void			(*free)(struct kore_module *);
	void			(*reload)(struct kore_module *);	/* re-load after a change, presumably */
	int			(*callback)(struct kore_module *, int);	/* run onload with KORE_MODULE_LOAD/UNLOAD */
	void			(*load)(struct kore_module *);
	void			*(*getsym)(struct kore_module *, const char *);	/* symbol lookup for handler names */
};

/*
 * A loaded application module. Loading code from path is a trust
 * decision: only paths that come from the configuration should end up
 * here.
 */
struct kore_module {
	void				*handle;	/* loader handle (dlopen or runtime object), presumably */
	char				*path;		/* file the module was loaded from */
	char				*onload;	/* name of the onload symbol, if configured */
	int				type;		/* KORE_MODULE_* */
	struct kore_runtime_call	*ocb;		/* resolved onload callable */

	struct kore_module_functions	*fun;		/* operations for this module type */
	struct kore_runtime		*runtime;	/* runtime that executes its symbols */

	TAILQ_ENTRY(kore_module)	list;
};
    442 
    443 /*
    444  * The workers get a 128KB log buffer per worker, and parent will fetch their
    445  * logs when it reached at least 75% of that or if its been > 1 second since
    446  * it was last synced.
    447  */
    448 #define KORE_ACCESSLOG_BUFLEN		131072U
    449 #define KORE_ACCESSLOG_SYNC		98304U
    450 
    451 struct kore_alog_header {
    452 	u_int16_t		domain;
    453 	u_int16_t		loglen;
    454 } __attribute__((packed));
    455 
/*
 * Privilege separation settings for one process class (worker, keymgr,
 * acme -- see the *_privsep globals below). skip_runas and skip_chroot
 * are escape hatches: with either set, the process keeps its original
 * user or filesystem view respectively, which weakens the containment
 * the separation is meant to provide. Treat them as development-only.
 */
struct kore_privsep {
	char		*root;		/* chroot(2) directory */
	char		*runas;		/* user to switch to */
	int		skip_runas;	/* do not drop privileges */
	int		skip_chroot;	/* do not chroot */
};
    462 
/*
 * Parent-side record of one child process, plus the accesslog buffer
 * described above. The keymgr and acme processes occupy the first two
 * slots (KORE_WORKER_KEYMGR_IDX / KORE_WORKER_ACME_IDX) and real workers
 * start at KORE_WORKER_BASE; see the defines further down.
 * NOTE(review): per-field notes are inferred from names; confirm in worker.c.
 */
struct kore_worker {
	u_int16_t			id;		/* worker id; keymgr/acme use the out-of-band ids */
	u_int16_t			cpu;		/* CPU to pin to when worker_set_affinity is on */
	int				ready;
	int				running;
#if defined(__linux__)
	int				tracing;	/* Linux-only tracing state */
#endif
	pid_t				pid;
	int				pipe[2];	/* parent <-> worker message pipe */
	struct connection		*msg[2];	/* connection objects wrapped around the pipe ends */
	u_int8_t			has_lock;	/* holds the accept lock */
	int				restarted;	/* has been respawned */
	u_int64_t			time_locked;	/* when the accept lock was taken */
	struct kore_route		*active_route;	/* route currently being served */
	struct kore_privsep		*ps;		/* privsep settings for this process class */

	/* Used by the workers to store accesslogs. */
	struct {
		int			lock;
		size_t			offset;		/* bytes used in buf */
		char			buf[KORE_ACCESSLOG_BUFLEN];
	} lb;
};
    487 
#if !defined(KORE_NO_HTTP)

/* struct kore_validator.type */
#define KORE_VALIDATOR_TYPE_REGEX	1	/* arg is a pattern, compiled into rctx */
#define KORE_VALIDATOR_TYPE_FUNCTION	2	/* arg names a function, resolved into rcall */

/*
 * Input validation rule referenced from params and auth blocks. Regex
 * validators match the value against rctx; function validators hand it
 * to application code through the runtime's validator hook.
 */
struct kore_validator {
	u_int8_t			type;		/* KORE_VALIDATOR_TYPE_* */
	char				*name;		/* rule name as used in the config */
	char				*arg;		/* pattern source or function name */
	regex_t				rctx;		/* compiled pattern (regex type only) */
	struct kore_runtime_call	*rcall;		/* callable (function type only) */

	TAILQ_ENTRY(kore_validator)	list;
};
#endif /* !KORE_NO_HTTP */
    503 
/* struct kore_buf.flags: the struct itself was allocated by the buf API, presumably. */
#define KORE_BUF_OWNER_API	0x0001

/*
 * Growable byte buffer. NOTE(review): which of length/offset is the
 * capacity and which the fill level is not visible here; confirm in buf.c.
 */
struct kore_buf {
	u_int8_t		*data;		/* storage */
	int			flags;		/* KORE_BUF_* bits */
	size_t			length;
	size_t			offset;
};
    512 
/* struct kore_json_item.type bits; also the type filter passed to kore_json_find(). */
#define KORE_JSON_TYPE_OBJECT		0x0001
#define KORE_JSON_TYPE_ARRAY		0x0002
#define KORE_JSON_TYPE_STRING		0x0004
#define KORE_JSON_TYPE_NUMBER		0x0008
#define KORE_JSON_TYPE_LITERAL		0x0010
#define KORE_JSON_TYPE_INTEGER		0x0020
#define KORE_JSON_TYPE_INTEGER_U64	0x0040

/* Values of kore_json_item.data.literal. */
#define KORE_JSON_FALSE			0
#define KORE_JSON_TRUE			1
#define KORE_JSON_NULL			2

/*
 * Maximum nesting accepted by the parser (kore_json.depth is checked
 * against it, presumably). Keeping this small bounds the recursion and
 * memory a hostile document can force.
 */
#define KORE_JSON_DEPTH_MAX		10

/* Parser and lookup error codes; KORE_JSON_ERR_LAST is the highest valid one. */
#define KORE_JSON_ERR_NONE		0
#define KORE_JSON_ERR_INVALID_OBJECT	1
#define KORE_JSON_ERR_INVALID_ARRAY	2
#define KORE_JSON_ERR_INVALID_STRING	3
#define KORE_JSON_ERR_INVALID_NUMBER	4
#define KORE_JSON_ERR_INVALID_LITERAL	5
#define KORE_JSON_ERR_DEPTH		6
#define KORE_JSON_ERR_EOF		7
#define KORE_JSON_ERR_INVALID_JSON	8
#define KORE_JSON_ERR_INVALID_SEARCH	9
#define KORE_JSON_ERR_NOT_FOUND		10
#define KORE_JSON_ERR_TYPE_MISMATCH	11
#define KORE_JSON_ERR_LAST		KORE_JSON_ERR_TYPE_MISMATCH

/*
 * Typed wrappers around kore_json_find(json, path, type): look up an item
 * by path and require it to be of the given type.
 */
#define kore_json_find_object(j, p)		\
    kore_json_find(j, p, KORE_JSON_TYPE_OBJECT)

#define kore_json_find_array(j, p)		\
    kore_json_find(j, p, KORE_JSON_TYPE_ARRAY)

#define kore_json_find_string(j, p)		\
    kore_json_find(j, p, KORE_JSON_TYPE_STRING)

#define kore_json_find_number(j, p)		\
    kore_json_find(j, p, KORE_JSON_TYPE_NUMBER)

#define kore_json_find_integer(j, p)		\
    kore_json_find(j, p, KORE_JSON_TYPE_INTEGER)

#define kore_json_find_integer_u64(j, p)	\
    kore_json_find(j, p, KORE_JSON_TYPE_INTEGER_U64)

#define kore_json_find_literal(j, p)		\
    kore_json_find(j, p, KORE_JSON_TYPE_LITERAL)
    561 
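/*
 * Typed wrappers around kore_json_create_item(parent, name, type, value).
 * kore_json_create_item is called with both three and four arguments, so
 * the value travels through its variadic tail and the cast on the numeric
 * variants is what guarantees the callee's va_arg() reads the type it
 * expects. The argument is therefore parenthesised before casting: with
 * the bare `(int64_t)v`, a value such as `c ? a : b` binds as
 * `((int64_t)c) ? a : b` and pushes an int through varargs instead of
 * an int64_t.
 */
#define kore_json_create_object(o, n)				\
    kore_json_create_item(o, n, KORE_JSON_TYPE_OBJECT)

#define kore_json_create_array(o, n)				\
    kore_json_create_item(o, n, KORE_JSON_TYPE_ARRAY)

#define kore_json_create_string(o, n, v)			\
    kore_json_create_item(o, n, KORE_JSON_TYPE_STRING, (v))

#define kore_json_create_number(o, n, v)			\
    kore_json_create_item(o, n, KORE_JSON_TYPE_NUMBER, (double)(v))

#define kore_json_create_integer(o, n, v)			\
    kore_json_create_item(o, n, KORE_JSON_TYPE_INTEGER, (int64_t)(v))

#define kore_json_create_integer_u64(o, n, v)			\
    kore_json_create_item(o, n, KORE_JSON_TYPE_INTEGER_U64, (u_int64_t)(v))

#define kore_json_create_literal(o, n, v)			\
    kore_json_create_item(o, n, KORE_JSON_TYPE_LITERAL, (v))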
    582 
/*
 * Parser state for one document: data/length describe the input, offset
 * is the cursor and depth the current nesting (bounded by
 * KORE_JSON_DEPTH_MAX). NOTE(review): field notes are inferred from
 * names; confirm in json.c.
 */
struct kore_json {
	const u_int8_t			*data;		/* input bytes */
	int				depth;		/* current nesting level */
	size_t				length;		/* input length */
	size_t				offset;		/* parse position */

	struct kore_buf			tmpbuf;		/* scratch space while decoding */
	struct kore_json_item		*root;		/* top-level item once parsed */
};

/* One node of the parsed tree; type says which member of data is live. */
struct kore_json_item {
	u_int32_t			type;		/* KORE_JSON_TYPE_* */
	char				*name;		/* key within an object */
	struct kore_json_item		*parent;

	union {
		TAILQ_HEAD(, kore_json_item)	items;	/* OBJECT / ARRAY children */
		char				*string;	/* STRING */
		double				number;		/* NUMBER */
		int				literal;	/* LITERAL: KORE_JSON_TRUE/FALSE/NULL */
		int64_t				integer;	/* INTEGER */
		u_int64_t			u64;		/* INTEGER_U64 */
	} data;

	int	(*parse)(struct kore_json *,
		    struct kore_json_item *);	/* type-specific parser for this node */

	TAILQ_ENTRY(kore_json_item)	list;
};
    612 
/* A contiguous allocation carved into fixed-size slots. */
struct kore_pool_region {
	void				*start;
	size_t				length;		/* bytes in this region */
	LIST_ENTRY(kore_pool_region)	list;
};

/* Bookkeeping for one slot. */
struct kore_pool_entry {
	u_int8_t			state;		/* slot state (free / in use), presumably */
	struct kore_pool_region		*region;	/* region the slot lives in */
	LIST_ENTRY(kore_pool_entry)	list;		/* link in the freelist */
};

/*
 * Fixed-size object pool, see kore_pool_init/get/put. NOTE(review):
 * field notes are inferred from names; confirm in pool.c. In particular
 * `volatile int lock` is not a synchronisation primitive on its own --
 * check how it is actually used before assuming any cross-thread safety.
 */
struct kore_pool {
	size_t			elen;		/* element size requested by the caller */
	size_t			slen;		/* slot size as laid out in a region */
	size_t			elms;		/* element count */
	size_t			inuse;		/* slots handed out */
	size_t			growth;		/* how much to grow by when exhausted */
	volatile int		lock;
	char			*name;		/* for diagnostics */

	LIST_HEAD(, kore_pool_region)	regions;
	LIST_HEAD(, kore_pool_entry)	freelist;
};
    637 
/* A scheduled callback; created with kore_timer_add(cb, interval, arg, flags). */
struct kore_timer {
	u_int64_t	nextrun;	/* next due time, in the units kore_timer_run() is given */
	u_int64_t	interval;	/* period between runs */
	int		flags;		/* KORE_TIMER_ONESHOT */
	void		*arg;		/* passed back to cb */
	void		(*cb)(void *, u_int64_t);	/* (arg, now) */

	TAILQ_ENTRY(kore_timer)	list;
};
    647 
    648 /*
    649  * Keymgr process is worker index 0, but id 2000.
    650  * Acme process is worker index 1, but id 2001.
    651  */
    652 #define KORE_WORKER_KEYMGR_IDX		0
    653 #define KORE_WORKER_ACME_IDX		1
    654 #define KORE_WORKER_BASE		2
    655 #define KORE_WORKER_KEYMGR		2000
    656 #define KORE_WORKER_ACME		2001
    657 #define KORE_WORKER_MAX			UCHAR_MAX
    658 
    659 #define KORE_WORKER_POLICY_RESTART	1
    660 #define KORE_WORKER_POLICY_TERMINATE	2
    661 
/* Reserved message ids, registered on workers. */
#define KORE_MSG_WEBSOCKET		1
#define KORE_MSG_KEYMGR_REQ		2
#define KORE_MSG_KEYMGR_RESP		3
#define KORE_MSG_SHUTDOWN		4
#define KORE_MSG_ENTROPY_REQ		5
#define KORE_MSG_ENTROPY_RESP		6
#define KORE_MSG_CERTIFICATE		7
#define KORE_MSG_CERTIFICATE_REQ	8
#define KORE_MSG_CRL			9
#define KORE_MSG_ACCEPT_AVAILABLE	10
#define KORE_PYTHON_SEND_OBJ		11
#define KORE_MSG_WORKER_LOG		12
#define KORE_MSG_ACME_BASE		100

/*
 * Messages for applications should start at 201. The id field is a
 * u_int8_t, so application ids run from 201 to 255.
 */
#define KORE_MSG_APP_BASE		200

/* Predefined message targets for kore_msg_send(); distinct from every worker id. */
#define KORE_MSG_PARENT		1000
#define KORE_MSG_WORKER_ALL	1001

/*
 * Header of every inter-process message; length counts the payload that
 * follows it. NOTE(review): the struct is not packed and is presumably
 * written to the worker pipe as-is. Whatever reads it must bound-check
 * length against the bytes actually received before touching the payload;
 * nothing in the type enforces that.
 */
struct kore_msg {
	u_int8_t	id;		/* KORE_MSG_* or an application id */
	u_int16_t	src;		/* sending worker id */
	u_int16_t	dst;		/* worker id, KORE_MSG_PARENT or KORE_MSG_WORKER_ALL */
	size_t		length;		/* payload bytes following the header */
};
    690 
/*
 * Payloads of the keymgr protocol. Both end in a flexible array whose
 * size is given by data_len. That count arrives from the peer process
 * and is not implied by the type, so readers must check it against the
 * enclosing kore_msg.length before indexing data. domain has room for
 * the terminating NUL.
 */
struct kore_keyreq {
	int		padding;	/* padding mode for the private-key operation, presumably */
	char		domain[KORE_DOMAINNAME_LEN + 1];
	size_t		data_len;	/* bytes valid in data */
	u_int8_t	data[];
};

/* Certificate or CRL bytes for a domain (KORE_MSG_CERTIFICATE / KORE_MSG_CRL). */
struct kore_x509_msg {
	char		domain[KORE_DOMAINNAME_LEN + 1];
	size_t		data_len;	/* bytes valid in data */
	u_int8_t	data[];
};
    703 
/* Configuration file path; absent when the config is compiled into the binary. */
#if !defined(KORE_SINGLE_BINARY)
extern char	*config_file;
#endif

/* Process-wide state and command-line switches. */
extern pid_t	kore_pid;
extern int	kore_quit;
extern int	kore_quiet;
extern int	kore_debug;
extern int	skip_chroot;		/* global equivalents of kore_privsep.skip_* */
extern int	skip_runas;
extern int	kore_foreground;

extern char	*kore_pidfile;

/* Set from the signal handler; sig_atomic_t is the only type safe for that. */
extern volatile sig_atomic_t	sig_recv;

extern char	*kore_rand_file;	/* seed file for the TLS RNG, presumably */
extern int	kore_keymgr_active;

/* Privilege separation settings per process class. */
extern struct kore_privsep	worker_privsep;
extern struct kore_privsep	keymgr_privsep;
extern struct kore_privsep	acme_privsep;

/* Tunables, mostly set from the configuration. */
extern u_int8_t			nlisteners;
extern u_int16_t		cpu_count;
extern u_int8_t			worker_count;		/* bounded by KORE_WORKER_MAX */
extern const char		*kore_version;
extern const char		*kore_build_date;
extern int			worker_policy;		/* KORE_WORKER_POLICY_* */
extern u_int8_t			worker_set_affinity;
extern u_int32_t		worker_rlimit_nofiles;
extern u_int32_t		worker_max_connections;
extern u_int32_t		worker_active_connections;
extern u_int32_t		worker_accept_threshold;
extern u_int64_t		kore_websocket_maxframe;	/* largest frame accepted; caps memory a peer can make us buffer */
extern u_int64_t		kore_websocket_timeout;
extern u_int32_t		kore_socket_backlog;

extern struct kore_worker	*worker;		/* this process' own worker record */
extern struct kore_pool		nb_pool;		/* pool of struct netbuf */
extern struct kore_domain	*primary_dom;
extern struct kore_server_list	kore_servers;
    746 
/*
 * kore.c
 * NOTE(review): argument roles given here are inferred from names and
 * types; confirm against the definitions.
 */
void		kore_signal(int);			/* signal handler entry point */
void		kore_shutdown(void);
void		kore_signal_trap(int);			/* install the handler for one signal */
void		kore_signal_setup(void);
void		kore_proctitle(const char *);
void		kore_default_getopt(int, char **);	/* standard command-line parsing */

void		kore_server_closeall(void);
void		kore_server_cleanup(void);
void		kore_server_free(struct kore_server *);
void		kore_server_finalize(struct kore_server *);

struct kore_server	*kore_server_create(const char *);	/* by name */
struct kore_server	*kore_server_lookup(const char *);

void		kore_listener_accept(void *, int);	/* kore_event.handle for listeners */
struct listener	*kore_listener_lookup(const char *);
void		kore_listener_free(struct listener *);
struct listener	*kore_listener_create(struct kore_server *);
int		kore_listener_init(struct listener *, int, const char *);	/* (listener, family, host?) */

int		kore_sockopt(int, int, int);		/* (fd, level, option?) */
int		kore_server_bind_unix(struct kore_server *,
		    const char *, const char *);	/* (server, path, connect hook?) */
int		kore_server_bind(struct kore_server *,
		    const char *, const char *, const char *);	/* (server, ip, port, connect hook?) */
/* worker.c */
void		kore_worker_reap(void);			/* collect exited children */
int		kore_worker_init(void);
void		kore_worker_privsep(void);		/* apply worker_privsep (chroot/setuid) to this process */
void		kore_worker_started(void);
void		kore_worker_make_busy(void);
void		kore_worker_shutdown(void);
void		kore_worker_dispatch_signal(int);
int		kore_worker_spawn(u_int16_t, u_int16_t, u_int16_t);	/* (index, id, cpu), presumably */
/* Validate a keymgr reply before trusting it and resolve the domain it is for. */
int		kore_worker_keymgr_response_verify(struct kore_msg *,
		    const void *, struct kore_domain **);

void	kore_worker_entry(struct kore_worker *) __attribute__((noreturn));

struct kore_worker	*kore_worker_data(u_int8_t);		/* by table index */
struct kore_worker	*kore_worker_data_byid(u_int16_t);	/* by id, e.g. KORE_WORKER_KEYMGR */
    790 
/*
 * platform code (linux.c, bsd.c): event loop backend, sandboxing and
 * process details that differ per OS. The (int, void *) pairs are an fd
 * and the kore_event-headed object to dispatch to.
 */
void		kore_platform_init(void);
void		kore_platform_sandbox(void);		/* per-OS sandbox (seccomp / pledge / ...), applied in workers */
void		kore_platform_event_init(void);
void		kore_platform_event_cleanup(void);
void		kore_platform_disable_read(int);
void		kore_platform_disable_write(int);
void		kore_platform_enable_accept(void);
void		kore_platform_disable_accept(void);
void		kore_platform_event_wait(u_int64_t);	/* timeout, KORE_WAIT_INFINITE for none */
void		kore_platform_event_all(int, void *);
void		kore_platform_event_level_all(int, void *);
void		kore_platform_event_level_read(int, void *);
void		kore_platform_proctitle(const char *);
void		kore_platform_schedule_read(int, void *);
void		kore_platform_schedule_write(int, void *);
void		kore_platform_event_schedule(int, int, int, void *);
void		kore_platform_worker_setcpu(struct kore_worker *);

#if defined(KORE_USE_PLATFORM_SENDFILE)
int		kore_platform_sendfile(struct connection *, struct netbuf *);
#endif

#if defined(KORE_USE_PLATFORM_PLEDGE)
void		kore_platform_pledge(void);		/* apply the accumulated pledge(2) promises */
void		kore_platform_add_pledge(const char *);	/* add a promise before kore_platform_pledge() */
#endif
    818 
/*
 * tls variants: one implementation per backend behind a common API.
 * NOTE(review): argument roles are inferred from names and types.
 */
#define KORE_X509_NAME_COMMON_NAME	1	/* name-entry type passed to the foreach callback */

void		kore_tls_init(void);
void		kore_tls_cleanup(void);
void		kore_tls_dh_check(void);		/* verify DH parameters were loaded */
int		kore_tls_supported(void);		/* non-zero when a backend is compiled in */
void		kore_tls_version_set(int);		/* KORE_TLS_VERSION_* */
void		kore_tls_keymgr_init(void);
int		kore_tls_dh_load(const char *);	/* load DH params, e.g. KORE_DHPARAM_PATH */
void		kore_tls_seed(const void *, size_t);	/* feed entropy to the backend RNG */
int		kore_tls_ciphersuite_set(const char *);	/* e.g. KORE_DEFAULT_CIPHER_LIST */
int		kore_tls_read(struct connection *, size_t *);	/* connection.read for TLS */
void		kore_tls_domain_cleanup(struct kore_domain *);
int		kore_tls_connection_accept(struct connection *);	/* drive the handshake */
void		kore_tls_connection_cleanup(struct connection *);
int		kore_tls_write(struct connection *, size_t, size_t *);	/* connection.write for TLS */
void		kore_tls_domain_crl(struct kore_domain *, const void *, size_t);	/* install CRL bytes */
void		kore_tls_domain_setup(struct kore_domain *,
		    int, const void *, size_t);	/* (domain, KORE_PEM_CERT_CHAIN/KORE_DER_CERT_DATA?, cert bytes, len) */

KORE_PRIVATE_KEY	*kore_tls_rsakey_load(const char *);		/* from a file path */
KORE_PRIVATE_KEY	*kore_tls_rsakey_generate(const char *);	/* generate and presumably write to path */

/* Peer certificate access for the given connection. */
int		kore_tls_x509_data(struct connection *, u_int8_t **, size_t *);	/* DER bytes out, caller-owned presumably */
KORE_X509_NAMES	*kore_tls_x509_issuer_name(struct connection *);
KORE_X509_NAMES	*kore_tls_x509_subject_name(struct connection *);
int		kore_tls_x509name_foreach(KORE_X509_NAMES *, int, void *,
		    int (*)(void *, int, int, const char *,
		    const void *, size_t, int));
/* accesslog.c: see the KORE_ACCESSLOG_* notes for the buffering scheme. */
void		kore_accesslog_init(u_int16_t);		/* parent side, presumably takes the worker count */
void		kore_accesslog_worker_init(void);
void		kore_accesslog_run(void *, u_int64_t);	/* timer callback shape: (arg, now) */
void		kore_accesslog_gather(void *, u_int64_t, int);
    854 
#if !defined(KORE_NO_HTTP)
/*
 * auth.c: kore_auth_run() dispatches on kore_auth.type to one of the
 * three extractors; all return KORE_RESULT_*.
 */
int		kore_auth_run(struct http_request *, struct kore_auth *);
int		kore_auth_cookie(struct http_request *, struct kore_auth *);
int		kore_auth_header(struct http_request *, struct kore_auth *);
int		kore_auth_request(struct http_request *, struct kore_auth *);
void		kore_auth_init(void);
int		kore_auth_new(const char *);		/* register an auth block by name */
struct kore_auth	*kore_auth_lookup(const char *);
#endif
    865 
/* timer.c */
void		kore_timer_init(void);
void		kore_timer_run(u_int64_t);		/* fire everything due at the given time */
u_int64_t	kore_timer_next_run(u_int64_t);		/* time until the next timer is due */
void		kore_timer_remove(struct kore_timer *);
struct kore_timer	*kore_timer_add(void (*cb)(void *, u_int64_t),
			    u_int64_t, void *, int);	/* (cb, interval, arg, KORE_TIMER_* flags) */
    873 
/* connection.c */
void			kore_connection_init(void);
void			kore_connection_cleanup(void);
void			kore_connection_prune(int);		/* KORE_CONNECTION_PRUNE_* */
struct connection	*kore_connection_new(void *);		/* owner object, presumably the listener */
void			kore_connection_event(void *, int);	/* kore_event.handle for connections */
int			kore_connection_nonblock(int, int);	/* (fd, flag?) */
void			kore_connection_check_timeout(u_int64_t);
int			kore_connection_handle(struct connection *);
void			kore_connection_remove(struct connection *);
void			kore_connection_disconnect(struct connection *);
void			kore_connection_start_idletimer(struct connection *);
void			kore_connection_stop_idletimer(struct connection *);
void			kore_connection_check_idletimer(u_int64_t,
			    struct connection *);
int			kore_connection_accept(struct listener *,
			    struct connection **);		/* accept one client, new connection out */
    891 
/* log.c */
void		kore_log_init(void);
void		kore_log_file(const char *);		/* redirect logging to a file */

#if defined(KORE_USE_PYTHON)
int		kore_configure_setting(const char *, char *);	/* (name, value) from Python config */
#endif

/* config.c */
void		kore_parse_config(void);
void		kore_parse_config_file(FILE *);
    902 
/*
 * mem.c: allocation wrappers. Kore code pairs kore_malloc/kore_calloc/
 * kore_realloc with kore_free, not libc free(). The tag functions attach
 * a u_int32_t tag to an allocation so it can be found again with
 * kore_mem_lookup(). NOTE(review): if kore_mem_zero() is used to scrub
 * secrets it needs an implementation the compiler cannot elide
 * (explicit_bzero or equivalent); that is not visible here.
 */
void		*kore_malloc(size_t);
void		*kore_calloc(size_t, size_t);
void		*kore_realloc(void *, size_t);
void		kore_free(void *);
void		kore_mem_init(void);
void		kore_mem_cleanup(void);
void		kore_mem_untag(void *);
void		*kore_mem_lookup(u_int32_t);
void		kore_mem_zero(void *, size_t);
void		kore_mem_tag(void *, u_int32_t);
void		*kore_malloc_tagged(size_t, u_int32_t);
    915 
/* pool.c */
void		*kore_pool_get(struct kore_pool *);	/* take a slot */
void		kore_pool_put(struct kore_pool *, void *);	/* return a slot obtained from kore_pool_get */
void		kore_pool_init(struct kore_pool *, const char *,
		    size_t, size_t);			/* (pool, name, element size, element count) presumably */
void		kore_pool_cleanup(struct kore_pool *);
    922 
/*
 * utils.c
 * NOTE(review): fatal(), fatalx(), kore_debug_internal() and
 * kore_snprintf() take printf-style formats but, unlike kore_log(),
 * carry no format attribute, so call sites are not type-checked by the
 * compiler. Adding __attribute__((format (printf, N, N+1))) to each is
 * cheap insurance against format-string bugs -- worth doing once the
 * tree is confirmed to build clean with it. kore_debug_internal() also
 * receives __FILE__ (a string literal) in a non-const char *.
 */
void		kore_debug_internal(char *, int, const char *, ...);	/* (file, line, fmt, ...) */
void		fatal(const char *, ...) __attribute__((noreturn));	/* log with errno context and exit */
void		fatalx(const char *, ...) __attribute__((noreturn));	/* log and exit, no errno */

u_int64_t	kore_time_ms(void);				/* current time in milliseconds */
char		*kore_time_to_date(time_t);			/* returns storage owned by the callee, presumably static */
char		*kore_strdup(const char *);			/* free with kore_free */
time_t		kore_date_to_time(const char *);
void		kore_log(int, const char *, ...)
		    __attribute__((format (printf, 2, 3)));	/* (syslog priority, fmt, ...) */
u_int64_t	kore_strtonum64(const char *, int, int *);	/* (str, sign allowed?, err out) */
size_t		kore_strlcpy(char *, const char *, const size_t);	/* BSD strlcpy contract, presumably: returns strlen(src) */
void		kore_server_disconnect(struct connection *);
int		kore_split_string(char *, const char *, char **, size_t);	/* modifies its input in place; (str, delim, out array, array size) */
void		kore_strip_chars(char *, const char, char **);
int		kore_snprintf(char *, size_t, int *, const char *, ...);	/* (buf, size, len out, fmt, ...) */
long long	kore_strtonum(const char *, int, long long, long long, int *);	/* (str, base, min, max, err out): range-checked parse */
double		kore_strtodouble(const char *, long double, long double, int *);	/* (str, min, max, err out) */
int		kore_base64_encode(const void *, size_t, char **);	/* output allocated, caller frees with kore_free presumably */
int		kore_base64_decode(const char *, u_int8_t **, size_t *);
int		kore_base64url_encode(const void *, size_t, char **, int);	/* last arg: KORE_BASE64_RAW flags */
int		kore_base64url_decode(const char *, u_int8_t **, size_t *, int);
int		kore_x509_issuer_name(struct connection *, char **, int);	/* (conn, name out, KORE_X509_COMMON_NAME_ONLY flags) */
int		kore_x509_subject_name(struct connection *, char **, int);

void		*kore_mem_find(void *, size_t, const void *, size_t);	/* memmem-style search: (haystack, len, needle, len) */
char		*kore_text_trim(char *, size_t);			/* trim whitespace in place */
char		*kore_read_line(FILE *, char *, size_t);		/* bounded line read into the given buffer */
    952 
    953 #if !defined(KORE_NO_HTTP)
    954 /* websocket.c */
    955 void		kore_websocket_handshake(struct http_request *,
    956 		    const char *, const char *, const char *);
    957 int		kore_websocket_send_clean(struct netbuf *);
    958 void		kore_websocket_send(struct connection *,
    959 		    u_int8_t, const void *, size_t);
    960 void		kore_websocket_broadcast(struct connection *,
    961 		    u_int8_t, const void *, size_t, int);
    962 #endif
    963 
    964 /* msg.c */
    965 void		kore_msg_init(void);
    966 void		kore_msg_worker_init(void);
    967 void		kore_msg_parent_init(void);
    968 void		kore_msg_unregister(u_int8_t);
    969 void		kore_msg_parent_add(struct kore_worker *);
    970 void		kore_msg_parent_remove(struct kore_worker *);
    971 void		kore_msg_send(u_int16_t, u_int8_t, const void *, size_t);
    972 int		kore_msg_register(u_int8_t,
    973 		    void (*cb)(struct kore_msg *, const void *));
    974 
    975 #if !defined(KORE_NO_HTTP)
    976 /* filemap.c */
    977 void		kore_filemap_init(void);
    978 void		kore_filemap_resolve_paths(void);
    979 int		kore_filemap_create(struct kore_domain *, const char *,
    980 		    const char *);
    981 extern char	*kore_filemap_ext;
    982 extern char	*kore_filemap_index;
    983 #endif
    984 
    985 /* fileref.c */
    986 void			kore_fileref_init(void);
    987 struct kore_fileref	*kore_fileref_get(const char *, int);
    988 struct kore_fileref	*kore_fileref_create(struct kore_server *,
    989 			    const char *, int, off_t, struct timespec *);
    990 void			kore_fileref_release(struct kore_fileref *);
    991 
    992 /* domain.c */
    993 struct kore_domain	*kore_domain_new(const char *);
    994 struct kore_domain	*kore_domain_byid(u_int16_t);
    995 struct kore_domain	*kore_domain_lookup(struct kore_server *, const char *);
    996 
    997 void		kore_domain_init(void);
    998 void		kore_domain_cleanup(void);
    999 void		kore_domain_free(struct kore_domain *);
   1000 void		kore_module_init(void);
   1001 void		kore_module_cleanup(void);
   1002 void		kore_module_reload(int);
   1003 void		kore_module_onload(void);
   1004 int		kore_module_loaded(void);
   1005 void		kore_domain_closelogs(void);
   1006 void		*kore_module_getsym(const char *, struct kore_runtime **);
   1007 void		kore_domain_load_crl(void);
   1008 void		kore_domain_keymgr_init(void);
   1009 void		kore_domain_callback(void (*cb)(struct kore_domain *));
   1010 int		kore_domain_attach(struct kore_domain *, struct kore_server *);
   1011 
   1012 #if !defined(KORE_NO_HTTP)
   1013 /* route.c */
   1014 void		kore_route_reload(void);
   1015 void		kore_route_free(struct kore_route *);
   1016 void		kore_route_callback(struct kore_route *, const char *);
   1017 
   1018 struct kore_route	*kore_route_create(struct kore_domain *,
   1019 			    const char *, int);
   1020 int			kore_route_lookup(struct http_request *,
   1021 			    struct kore_domain *, int, struct kore_route **);
   1022 #endif
   1023 
   1024 /* runtime.c */
   1025 struct kore_runtime_call	*kore_runtime_getcall(const char *);
   1026 struct kore_module		*kore_module_load(const char *,
   1027 				    const char *, int);
   1028 
   1029 void	kore_runtime_execute(struct kore_runtime_call *);
   1030 int	kore_runtime_onload(struct kore_runtime_call *, int);
   1031 void	kore_runtime_signal(struct kore_runtime_call *, int);
   1032 void	kore_runtime_configure(struct kore_runtime_call *, int, char **);
   1033 void	kore_runtime_connect(struct kore_runtime_call *, struct connection *);
   1034 #if !defined(KORE_NO_HTTP)
   1035 int	kore_runtime_http_request(struct kore_runtime_call *,
   1036 	    struct http_request *);
   1037 void	kore_runtime_http_request_free(struct kore_runtime_call *,
   1038 	    struct http_request *);
   1039 void	kore_runtime_http_body_chunk(struct kore_runtime_call *,
   1040 	    struct http_request *, const void *, size_t);
   1041 int	kore_runtime_validator(struct kore_runtime_call *,
   1042 	    struct http_request *, const void *);
   1043 void	kore_runtime_wsconnect(struct kore_runtime_call *, struct connection *);
   1044 void	kore_runtime_wsdisconnect(struct kore_runtime_call *,
   1045 	    struct connection *);
   1046 void	kore_runtime_wsmessage(struct kore_runtime_call *,
   1047 	    struct connection *, u_int8_t, const void *, size_t);
   1048 #endif
   1049 
   1050 #if !defined(KORE_NO_HTTP)
   1051 /* validator.c */
   1052 void		kore_validator_init(void);
   1053 void		kore_validator_reload(void);
   1054 int		kore_validator_add(const char *, u_int8_t, const char *);
   1055 int		kore_validator_run(struct http_request *, const char *, char *);
   1056 int		kore_validator_check(struct http_request *,
   1057 		    struct kore_validator *, const void *);
   1058 struct kore_validator	*kore_validator_lookup(const char *);
   1059 #endif
   1060 
   1061 const char	*kore_worker_name(int);
   1062 
   1063 /* net.c */
        /*
         * Fixed-width wire accessors. NOTE(review): the net_read* functions
         * take a non-const u_int8_t *; if they only read (as the name
         * suggests) the parameter could be const-qualified so callers can
         * pass const buffers without a cast.
         */
   1064 u_int16_t	net_read16(u_int8_t *);
   1065 u_int32_t	net_read32(u_int8_t *);
   1066 u_int64_t	net_read64(u_int8_t *);
   1067 void		net_write16(u_int8_t *, u_int16_t);
   1068 void		net_write32(u_int8_t *, u_int32_t);
   1069 void		net_write64(u_int8_t *, u_int64_t);
   1070 
   1071 void		net_init(void);
   1072 void		net_cleanup(void);
   1073 struct netbuf	*net_netbuf_get(void);
   1074 int		net_send(struct connection *);
   1075 int		net_send_flush(struct connection *);
   1076 int		net_recv_flush(struct connection *);
        /* size_t * out-parameters presumably report bytes transferred. */
   1077 int		net_read(struct connection *, size_t *);
   1078 int		net_write(struct connection *, size_t, size_t *);
        /*
         * Receive-queue setup: each takes a length and a completion callback
         * invoked with the netbuf. net_recv_expand is the only prototype in
         * this section that names a parameter (c); style-wise it should match
         * its neighbours.
         */
   1079 void		net_recv_reset(struct connection *, size_t,
   1080 		    int (*cb)(struct netbuf *));
   1081 void		net_remove_netbuf(struct connection *, struct netbuf *);
   1082 void		net_recv_queue(struct connection *, size_t, int,
   1083 		    int (*cb)(struct netbuf *));
   1084 void		net_recv_expand(struct connection *c, size_t,
   1085 		    int (*cb)(struct netbuf *));
   1086 void		net_send_queue(struct connection *, const void *, size_t);
   1087 void		net_send_stream(struct connection *, void *,
   1088 		    size_t, int (*cb)(struct netbuf *), struct netbuf **);
   1089 void		net_send_fileref(struct connection *, struct kore_fileref *);
   1091 /* buf.c */
        /* Growable byte buffer; kore_buf_alloc/kore_buf_init take an initial size. */
   1092 void		kore_buf_free(struct kore_buf *);
   1093 struct kore_buf	*kore_buf_alloc(size_t);
   1094 void		kore_buf_init(struct kore_buf *, size_t);
   1095 void		kore_buf_append(struct kore_buf *, const void *, size_t);
        /*
         * Returns the raw bytes and their length through size_t *; this
         * presumably hands ownership of the storage to the caller — confirm
         * in buf.c who frees it.
         */
   1096 u_int8_t	*kore_buf_release(struct kore_buf *, size_t *);
   1097 void		kore_buf_reset(struct kore_buf *);
   1098 void		kore_buf_cleanup(struct kore_buf *);
   1099 
   1100 char	*kore_buf_stringify(struct kore_buf *, size_t *);
        /*
         * NOTE(review): kore_buf_appendf/appendv take a format string but,
         * unlike kore_log, carry no format attribute, so a non-literal or
         * mismatched format is not caught by -Wformat. Consider
         * __attribute__((format(printf, 2, 3))) on kore_buf_appendf and
         * __attribute__((format(printf, 2, 0))) on kore_buf_appendv.
         */
   1101 void	kore_buf_appendf(struct kore_buf *, const char *, ...);
   1102 void	kore_buf_appendv(struct kore_buf *, const char *, va_list);
   1103 void	kore_buf_replace_string(struct kore_buf *,
   1104 	    const char *, const void *, size_t);
   1105 
   1106 /* json.c */
   1107 int	kore_json_errno(void);
   1108 int	kore_json_parse(struct kore_json *);
   1109 void	kore_json_cleanup(struct kore_json *);
   1110 void	kore_json_item_free(struct kore_json_item *);
   1111 void	kore_json_init(struct kore_json *, const void *, size_t);
   1112 void	kore_json_item_tobuf(struct kore_json_item *, struct kore_buf *);
   1113 void	kore_json_item_attach(struct kore_json_item *, struct kore_json_item *);
   1114 
   1115 const char		*kore_json_strerror(void);
   1116 struct kore_json_item	*kore_json_find(struct kore_json_item *,
   1117 			    const char *, u_int32_t);
   1118 struct kore_json_item	*kore_json_create_item(struct kore_json_item *,
   1119 			    const char *, u_int32_t, ...);
   1120 
   1121 /* keymgr.c */
   1122 void	kore_keymgr_run(void);
   1123 void	kore_keymgr_cleanup(int);
   1124 
   1125 #if defined(__cplusplus)
   1126 }
   1127 #endif
   1128 
   1129 #endif /* !__H_KORE_H */